Banks’ Worst Nightmare – Carbanak Heist

As banks slowly approach the age of digitalization, they already face tough challenges related to the security of their own systems. Banks have been victims of many cyber crimes, but so far those crimes had been related to hacking into customers’ accounts. The shift from hacking customers’ accounts to hacking banks’ systems seems to be one of the latest, and perhaps the biggest and quietest, developments in cyber crime. In the past, bank robberies might not have been so planned and professional, but cyber crime has kept up with changes in technology. Hacking has been a growing threat to the virtual world, forcing banks to do a reality check on their supposedly safe and secure customer databases. On February 16, 2015, Kaspersky Lab (a Moscow-based security firm) reported that international hackers had stolen as much as $1 billion from 100 banks across 30 countries in about two years dating back to 2013. According to Kaspersky, the thieves were Russian, Ukrainian, Chinese and European, and their targets have so far been financial institutions in Russia, the US, Germany, China and Ukraine.

Chris Doggett, Kaspersky Lab Manager for North America, told NYT: “This is probably the most sophisticated attack the world has seen to date in terms of tactics and methods that cybercriminals have used to keep secret”.

What is Carbanak?

The malware is called Carbanak, the name Kaspersky uses for it, and the campaign is APT (Advanced Persistent Threat) style, in that the attackers seem persistent if not strictly advanced. The hackers are able to watch the actions of the banks’ employees and how they conduct their everyday business. The hackers had every detail of the banks’ work and managed to mimic their activity. They then transferred millions of dollars into their own accounts. Once around $10 million had been transferred from an account at a bank, the fraudsters would abandon that bank forever. This kind of cyber crime is clearly a carefully thought-out plan. Cyber crime in financial institutions was mostly related to the hacking of customers’ accounts or to a bank official releasing confidential data, but Carbanak is considered one of a kind: potential losses run into millions of dollars and the banks themselves are the victims.

What was the process the hackers followed?

The Carbanak case goes back to late 2013, when a bank in Ukraine reported that money was mysteriously being stolen from ATMs. The matter became serious when a Russian bank received an alert that data was being sent from its Domain Controller to the People’s Republic of China. According to Litan, vice president at the tech consulting firm Gartner, the email that the hackers send to the banks’ employees appears to come from the company’s CEO, with a title that an employee can’t resist, such as “2015 Salary Plans” or “Urgent: your attention is required.” The cyber criminals know that employees will open such an email, after which their accounts are compromised. The compromised accounts of targeted employees helped the hackers identify the workers responsible for transferring money through cash or ATMs. Once this was done, the hackers remotely recorded those workers’ screens and movements and gained access to systems. The hackers then used the banks’ own mechanisms to move money: in one case SWIFT was used to transfer money between accounts, and in another Oracle databases were manipulated to transfer money through online banking.

The hackers remain active and are trying to expand their activities to Asia, the Middle East, Africa and Central Europe. The losses per bank have so far ranged from $2.5 million to $10 million, and in many cases the hackers even dispensed cash from remotely connected ATMs. The time span from infection of a bank’s computer systems to cash transfer has been 2-4 months. Kaspersky’s report declined to name the compromised banks.

What could this mean for the modern banking system?

Cyber attacks are not new to the banking world. In 2014, computer intrusions at banks raised concerns among government and bank officials. Even though there was no evidence of any fraudulent use of customer information, such cyber attacks on banks and financial institutions raise a very important question about banking security systems and the increased number of threats from hackers. The recent bank attack is more like a ‘wake up call’ to many financial institutions.

According to a Kaspersky report last year, online banking threats had fallen but mobile banking and Bitcoins were being targeted more. Such attacks show that networks need to be better secured, so that intrusions like these can be detected and prevented before they happen. In this big bank crime, the attackers were able to bypass the protections and use banking technology like any other employee of that bank. They took time to study the internal procedures and seemed to be familiar with financial services software.

Banks need to act more quickly and diligently, especially since the hackers seem to have used clever social engineering techniques to pull off the Carbanak heist, the biggest of its kind. Bank employees need to be aware of such crimes, since the campaign remains active, and should be advised not to open such emails, especially ones carrying attachments. Many suggest that financial institutions should update their software and check their networks for Carbanak. Others propose in-house training for employees, since many still seem to overlook the emails.
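The lure described above (an email that appears to come from the CEO, with a subject such as “2015 Salary Plans”, carrying an attachment) can be screened for at the mail gateway. The following is an added example, not code from Kaspersky or from the original article; the domain `examplebank.test`, the executive name and the sample messages are constructed assumptions, and the check is a heuristic for executive impersonation, not a Carbanak signature.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions for this example: the bank's own mail domain and the
# executives whose names an impersonator is likely to borrow.
ORG_DOMAIN = "examplebank.test"
EXECUTIVES = {"jane doe"}

def has_attachment(msg):
    """True if any MIME part is an attachment or carries a filename."""
    return any(part.get_filename() or part.get_content_disposition() == "attachment"
               for part in msg.walk())

def assess(raw):
    """Return the reasons a raw message looks like a CEO-impersonation lure."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    # The display name says "CEO" but the address is not on the bank's domain.
    if name.strip().lower() in EXECUTIVES and domain != ORG_DOMAIN:
        reasons.append("executive display name from external domain")
    # Replies would be routed somewhere other than the apparent sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        reasons.append("Reply-To domain differs from From domain")
    # An attachment only raises severity when the sender already looks wrong.
    if reasons and has_attachment(msg):
        reasons.append("carries an attachment")
    return reasons

def build_sample(sender, subject, attach):
    """Construct a sample message (test data, not a captured email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "teller@examplebank.test", subject
    m.set_content("Please review the attached document.")
    if attach:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="plans.doc")
    return m.as_string()

LURE = build_sample("Jane Doe <jane.doe@examplebank-payroll.test>", "2015 Salary Plans", True)
INTERNAL = build_sample("Jane Doe <jane.doe@examplebank.test>", "2015 Salary Plans", True)
VENDOR = build_sample("Sales <sales@vendor.test>", "Invoice", True)

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("internal", INTERNAL), ("vendor", VENDOR)):
        print(label, assess(raw))
```

Only the first sample is flagged: the genuine internal sender and the ordinary external sender pass even though both carry attachments, which keeps the rule from firing on every attached file.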

In recent years, a lot of private data has gone public due to the growing number of hacks and data breaches. What is worse is that many breaches remain undetected and go unpunished. The sad part of these security breaches in the banking sector is that they are happening at a time when banks were getting comfortable with technology and digitalization. Successful crimes of this kind not only undermine customers’ trust but also prevent banks from establishing it in the first place.